Fetchmail - TLS or SSL problem

I use fetchmail to distribute all mail from different pop-accounts to our OS-X accounts on our Leopard server. Until now everything worked fine...
This is my .fetchmailrc file
set daemon 240
set postmaster "ikke"
set logfile /Users/ikke/fetchmail.log
# skynet-accounts pollen
poll "pop.skynet.be" protocol POP3 aka "skynet.be" no dns timeout 45 uidl user "12345" password "zoujewelwillen" to "goofie.mickey"="goofie" fetchall
# schoolmail pollen
poll "mail.school.be" protocol POP3 aka "school.be" no dns timeout 45 uidl user "mijn.vrouw" password "987654" is "mineymouse" here fetchall
However the school of my wife upgraded its mail-server and now we have a problem...
fetchmail: 6.3.8 querying mail.school.be (protocol POP3) at Tue, 29 Sep 2009 14:13:29 +0200 (CEST): poll started
fetchmail: Trying to connect to xx.xx.xx.103/110...connected.
fetchmail: POP3< +OK The Microsoft Exchange POP3 service is ready.
fetchmail: POP3> CAPA
fetchmail: POP3< OK
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SASL NTLM
fetchmail: POP3< SASL GSSAPI
fetchmail: POP3< USER
fetchmail: POP3< STLS
fetchmail: POP3< EXPIRE 1800 SECONDS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation.
fetchmail: Unknown Organization
fetchmail: Issuer CommonName: xxxx
fetchmail: Server CommonName: xxxl
fetchmail: Subject Alternative Name: xxx
fetchmail: Subject Alternative Name: xxx
fetchmail: Server CommonName mismatch: xxx= mail.school.be
fetchmail: mail.school.be key fingerprint: *************
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: POP3> CAPA
fetchmail: POP3< OK
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SASL NTLM
fetchmail: POP3< SASL GSSAPI
fetchmail: POP3< USER
fetchmail: POP3< EXPIRE 1800 SECONDS
fetchmail: POP3< .
fetchmail: mail.school.be: upgrade to TLS succeeded.
fetchmail: Using service name [[email protected]]
fetchmail: POP3> AUTH GSSAPI
fetchmail: POP3< +
fetchmail: Sending credentials
fetchmail: Error exchanging credentials
fetchmail: POP3< + YfaWub3Jqmqdjkdkfjiejfqldjflkd
fetchmail: POP3> USER mijn.vrouw
fetchmail: POP3< -ERR Logon failure: unknown user name or bad password.
fetchmail: Logon failure: unknown user name or bad password.
fetchmail: Authorization failure on [email protected]
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Microsoft Exchange Server 2007 POP3 server signing off.
fetchmail: 6.3.8 querying mail.school.be (protocol POP3) at Tue, 29 Sep 2009 14:13:30 +0200 (CEST): poll completed
fetchmail: Merged UID list from mail.school.be: <empty>
fetchmail: Query status=3 (AUTHFAIL)
After adjusting my .fetchmailrc file with an ssl-fingerprint, I got a little further, but still I can't get the mail from the server
POP3> CAPA
fetchmail: POP3< OK
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SASL NTLM
fetchmail: POP3< SASL GSSAPI
fetchmail: POP3< USER
fetchmail: POP3< EXPIRE 1800 SECONDS
fetchmail: POP3< .
fetchmail: mail.school.be: upgrade to TLS succeeded.
fetchmail: Using service name [[email protected]]
fetchmail: POP3> AUTH GSSAPI
fetchmail: POP3< +
fetchmail: Sending credentials
fetchmail: Error exchanging credentials
Any suggestions from the more experienced fetchmail-users?

I assume you updated from 10.4 to 10.5?
Older versions of fetchmail would check for an SSL certificate in an opportunistic way and still go ahead if there wasn't one. More recent versions will interrupt communications.
In other words, since you do not use SSL you must disable it in fetchmail. Add:
sslproto ''
to .fetchmailrc
HTH,
Alex
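
The two outcomes discussed in this thread can be told apart mechanically from a verbose fetchmail log. The following is an added example, not part of either post and not fetchmail's own code: it walks the POP3 dialogue and flags a TLS upgrade that went ahead despite certificate verification errors, a login sent without TLS, and a failed SASL attempt followed by a plain USER login. The first sample is abridged from the log quoted above; the second is a constructed assumption of what a poll looks like when STARTTLS is not used. All function and finding names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Abridged from the log lines quoted in the question above.
SAMPLE_LOG = """\
fetchmail: POP3< +OK The Microsoft Exchange POP3 service is ready.
fetchmail: POP3> CAPA
fetchmail: POP3< SASL NTLM
fetchmail: POP3< SASL GSSAPI
fetchmail: POP3< USER
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation.
fetchmail: Server CommonName mismatch: xxx= mail.school.be
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: mail.school.be: upgrade to TLS succeeded.
fetchmail: POP3> AUTH GSSAPI
fetchmail: POP3< +
fetchmail: Error exchanging credentials
fetchmail: POP3> USER mijn.vrouw
fetchmail: POP3< -ERR Logon failure: unknown user name or bad password.
fetchmail: Query status=3 (AUTHFAIL)
"""

# Constructed sample (assumption): the same server polled without STARTTLS.
NO_STARTTLS_LOG = """\
fetchmail: POP3< +OK The Microsoft Exchange POP3 service is ready.
fetchmail: POP3> CAPA
fetchmail: POP3< USER
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> USER mijn.vrouw
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK
"""

CLIENT = re.compile(r"^fetchmail: POP3> (\S+)(?: (\S+))?")
STATUS = re.compile(r"Query status=\d+ \((\w+)\)")


@dataclass
class PollReport:
    stls_offered: bool = False      # server listed STLS in CAPA
    starttls_sent: bool = False     # client issued STLS
    tls_up: bool = False            # fetchmail reported the upgrade
    cert_errors: List[str] = field(default_factory=list)
    # (mechanism or verb, was the channel encrypted when it was sent)
    auth_attempts: List[Tuple[str, bool]] = field(default_factory=list)
    sasl_errors: int = 0
    status: Optional[str] = None


def analyze(log_text: str) -> PollReport:
    """Replay one poll from a verbose fetchmail log into a PollReport."""
    r = PollReport()
    for line in log_text.splitlines():
        m = CLIENT.match(line)
        if m:  # a command the client sent
            verb, arg = m.group(1).upper(), m.group(2)
            if verb == "STLS":
                r.starttls_sent = True
            elif verb in ("USER", "APOP", "AUTH"):
                mech = arg.upper() if verb == "AUTH" and arg else verb
                r.auth_attempts.append((mech, r.tls_up))
            continue
        if line.strip() == "fetchmail: POP3< STLS":
            r.stls_offered = True
        elif "upgrade to TLS succeeded" in line:
            r.tls_up = True
        elif "certificate verification error:" in line:
            r.cert_errors.append(line.split("error:", 1)[1].strip())
        elif "CommonName mismatch" in line:
            r.cert_errors.append("CommonName mismatch")
        elif "Error exchanging credentials" in line:
            r.sasl_errors += 1
        else:
            s = STATUS.search(line)
            if s:
                r.status = s.group(1)
    return r


def findings(r: PollReport) -> List[str]:
    """Turn a PollReport into finding codes, in a fixed order."""
    out = []
    if r.tls_up and r.cert_errors:
        out.append("UNVERIFIED_TLS")    # encrypted, but to an unverified peer
    if r.stls_offered and not r.starttls_sent:
        out.append("STLS_IGNORED")      # server offered TLS, client skipped it
    if any(not encrypted for _, encrypted in r.auth_attempts):
        out.append("CLEARTEXT_LOGIN")   # credentials sent on a plain channel
    mechs = [m for m, _ in r.auth_attempts]
    if r.sasl_errors and "USER" in mechs and mechs.index("USER") > 0:
        out.append("SASL_FALLBACK")     # SASL attempt failed, USER tried next
    if r.status == "AUTHFAIL":
        out.append("AUTHFAIL")
    return out


if __name__ == "__main__":
    for name, log in (("quoted log", SAMPLE_LOG), ("no STARTTLS", NO_STARTTLS_LOG)):
        print(name, findings(analyze(log)))
```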

Similar Messages

  • ISE Problem: EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

    Hello, I'm stuck with this problem for 3 weeks now.
    I'm not able to configure the EAP-TLS authentication.
    In the "Certificate Store" of the ISE server I have installed the Root, policy and the Issuing certificates as "trust for client authentication", and in the Local store I have a certificate issuing for the same issuing authority which signs the client ones.
    The ISE's certificate has been issued with the "server Authentication certificate" template.
    The clients have installed the certificates and also the certificate chain.
    When I try to authenticate the wireless clients I always get the same error: "Authentication failed : 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"
    and "OpenSSLErrorMessage=SSL alert
    code=0x230=560 ; source=local ; type=fatal ; message="Unknown CA - error self-signed certificate in chain",OpenSSLErrorStack=  1208556432:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720"
    I don't know what else I can do.
    Thank you
    Jorge

    Hi Rik,
    Below are the certificate details
    ISE Certificate Signed by XX-CA-PROC-06
    User PKI Signed by XX-CA-OTHER-08
    In ISE certificate Store i have the below certificates
    XX-CA-OTHER-08 signed by XX-CA-ROOT-04
    XX-CA-PROC-06 signed by XX-CA-ROOT-04
    XX-CA-ROOT-04 signed by XX-CA-ROOT-04
    ISE certificate signed by XX-CA-PROC-06
    I have enabled - 'Trust for client authentication' on all three certificates
    this is unchecked - 'Enable Validation of Certificate Extensions (accept only valid certificate)'
    when i check the certificates of current user in the Client PC this is how it shows.
    XX-CA-ROOT-04 is listed in Trusted root Certification Authority
    and XX-CA-PROC-06 and XX-CA-OTHER-08  are in Intermediate Certificate Authorities

  • 12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate

    Hi guys,
    I have root CA and intermediate CA in ISE local certificate store trusted for client authentication.
    I have imported both root ca and client certificate in the device I want to authenticate, but ISE keeps spitting out this error :
    12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate

    Refer the link for troubleshooting in page no 22 the issue is mentioned, check it: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_81_troubleshooting_failed_authc.pdf

  • Wired 802.1x EAP-TLS Server Certificate Problem

    I have setup wired 802.1x authentication using EAP-TLS with ACS 3.3 and backend link to Active Directory. Root CA certificates are installed on the ACS and Client PC. Machine certificates and user certificates are also installed on Client PC. A Server certificate is installed on the ACS. All has been configured as detailed on the Cisco Web Site (numerous documents).
    If I set the client to authenticate the Servers certificate I get a failure. The clients log (Cisco Secure Services Client) states:
    11:48:53.088 Validating the server.
    11:48:53.088 Server list is empty, trusted server can not be validated.
    11:48:53.088 Server list is empty, trusted server can not be validated.
    11:48:53.088 The server certificate is invalid, the common name ACS-One.rotherham.gov.uk does not match.
    11:48:54.776 Port state transition to AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_ERR_SERVER_TLS_CERTIFICATE_REJECTED)
    11:48:54.776 The authentication process has failed.
    If I look at the Auth log on ACS (set to full logging) it states:
    AUTH 08/27/2008 14:09:04 I 0701 1492 AuthenProcessResponse: process response for 'paul.kyte@domain' against Windows NT/2000
    AUTH 08/27/2008 14:09:04 E 0350 1492 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL alert fatal:bad certificate)
    If I configure the client to not check the servers certificate it all works ok.
    Can anyone tell me why my server certificate is getting rejected?
    Thanks,
    Paul

    If Cisco Secure ACS runs on a member server and any user is to be authenticated using EAP-TLS, you must complete additional configuration in Active Directory of the domain containing Cisco Secure ACS. The username that you configured to run all Cisco Secure ACS services must also have permission to read user properties in Active Directory, else EAP-TLS authentication fails.

  • HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad.  I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion?  Thanks!  A.A.

    I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6).  When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem.  Any suggestions ??  Thank you! 

    Sounds more like you have a problem with your apple id. For starters go to that page, click manage my apple id and sign in. If you can't sign in, reset password.
    https://appleid.apple.com
    if you can sign in there, try to sign in to itunes on your computer.

  • HT1338 iMac and SSL problem

    I have an iMac operating under OS X.  Where can I find a patch for the SSL problem that recently occurred?

    There is none required for 10.3 or earlier. For Mountain Lion look here: Apple Security Update 2014-001. For Mavericks use App Store for the software update.

  • SSL-Problems when setting up a test environment with Exchange

    Hello everyone,
    I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
    RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
    for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
    If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
    goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
    Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
    "mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
    Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
    Thanks!
    Regards
    Christian

    Hi,
    For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
    Generally, autodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
    Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
    side.
    Best Regards,
    Winnie Liang
    TechNet Community Support

  • SSL or TLS client configure problems !!

    Hello,
    I am using Solaris native DS5.1, configured to use ssl certificate based authentication (server now running ssl configured).
    Using OpenSSL created certificate and certutil tools I created cert7.db for client solaris 9 and even redhat 7.3 client.
    How can I tell the client to authenticate through ssl (port 636) and to use cert7.db (where to put cert7.db file, now at /var/ldap)?
    Also how I can test if ssl port 636 is working and accepting ldap queries.
    N.B. The system is working fine with normal port 389 fine, all clients are happy without ssl.
    Thanks
    Farah

    Sorry, I should have mentioned that you need to use the version of ldapsearch that comes with Directory Server - mine is located in /usr/iplanet/ds5/shared/bin/. So you will probably want to amend your PATH. You will also need to add the relevant libraries to your LD_LIBRARY_PATH - mine being /usr/iplanet/ds5/lib:$LD_LIBRARY_PATH.
    I've successfully used OpenSSL to create my directory server certificate & have (finally!) got OpenSSL-created client certificates to work. All I can say is make sure the server certificate is trusted.
    Incidentally, you do not use the "-n" flag with the tstclnt command unless you are using a client certificate. My advice to use this command was probably misleading. Maybe the better way of testing your SSL connection is simply to run the relevant ldapsearch command, e.g.
    ldapsearch -v -Z -p 636 -P /var/ldap -b "ou=people,o=myorg" "cn=*"

  • SSL Problem in Flex

    I am using Flex with PHP via AMF PHP. Building application
    was fine. But it gave me problem when I deployed it to server which
    sits behind SSL layer. The problem is not associate with data
    accessing I can access data very well but I when I go to any other
    page after visiting flex part it just kicks user out to login page
    again. If I simply use HTTP protocol it does not happen but if I
    use HTTPS protocol it does. I did intense research in this problem.
    I tried following solutions.
    USE crossdomain file name crossdomain.xml
    loadpolicy file
    class="mx.messaging.channels.SecureAMFChannel" in
    service-config.xml
    class="flex.messaging.endpoints.SecureAMFEndpoint" in
    service-config.xml
    lastly here is my crossdomain.xml
    <?xml version="1.0" ?>
    <!-- https://imtecintranet/shopping -->
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" secure="false" to-ports="443"/>
    </cross-domain-policy>
    All this solution mentioned in different websites including
    flex documentation didn't work. It's not the problem from PHP
    side since it works perfectly with Flex if I use HTTP protocol so I
    think problem is in Flex side. I read in this website
    http://www.onflex.org/ted/2005/11/using-flash-player-under-https-with.php
    that flash player have bugs and so, I tried to solve this
    problem by using cross-domain.xml file but unfortunately this
    didn't solve the problem. Any help will be greatly appreciated.

    with some additional attributes added on to server.xml <Connector /> tag application is loading fine in local environment.
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" bufferSize="64000" maxHttpHeaderSize="64000"  socket.appWriteBufSize="64000" socket.appReadBufSize="64000" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\user_name\.keystore" keystorePass="*****" allowTrace="false"/>
    But the same changes are not working in UAT environment, any clue on it will help me.
    thanks in advance.

  • Should I see this on startup? re: Two-SSL problems.

    We're having some trouble getting two way ssl to work and I was wondering if when using democert.pem and ca.pem whether we should still see this message upon startup?
    I have created a trusted keystore which basically is a copy of the cacerts file and contains the ca certificate from the client certificate.
    <Mar 9, 2005 6:00:57 PM GMT> <Info> <Security> <090515> <The certificate chain could not be completely checked for issues which could cause it to be rejected by a peer during SSL handshaking, no action is required unless peers are rejecting the certificate chain.>
    We are using Axis as a client (JDK 1.4 with no weblogic jars) to a WL7sp4 homed webservice and I have one certificate in the client keystore and I can see that chooseClientAlias gets called on the client.
    On the server we see the following SSL debug information
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <validationCallback: validateErr = 16>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Required peer certificates not supplied by peer>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Validation error = 20>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is incomplete>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is untrusted>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <User defined JSSE trustmanagers not allowed to override>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <SSLTrustValidator returns: 84>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
    <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@754e13 Severity: 2 Type: 40
    Resulting in a hand shake failure on the client.
    I'm confused by the message
    "Required peer certificates
    not supplied by peer"
    because if we use a web browser it explicitly will say NO_CERTIFICATE but when we use the Axis client that doesn't appear in the log so I don't know if this is a problem with the client not sending the client certificate or not. I do see that chooseClientAlias is called during the startHandshake of the SSLSocket.
    Does CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED appear even if the client didn't provide a client certificate in the first place is are the errors above indicative of a problem with the certificate chain of the client certificate itself?
    For completeness.
    client keystore has
    Your keystore contains 1 entry
    client_cert, Mar 8, 2005, keyEntry,
    Certificate fingerprint (MD5): BE:79:37:4B:9C:F7:E3:7A:2B:FA:32:06:79:9D:E2:76
    client truststore has
    Your keystore contains 20 entries
    server trust store has
    Your keystore contains 18 entries
    Here is the sequence of command used to setup the client/server trust/keystores
    rem @echo off
    set JAVA_HOME=C:\jdk1.3.1_09
    rem set JAVA_HOME=C:\j2sdk1.4.2_04
    set WL_HOME=C:\bea\wls7.0sp4
    rem step 1 java -cp %WL_HOME%\lib\weblogic.jar utils.CertGen changeit localhost_client_cert localhost-key export localhost
    rem step 2 keytool -storepasswd -new
    rem secret_trust_password -keystore server_trust_keystore.jks -storepass changeit
    rem step 3 keytool -import -v -noprompt
    rem -trustcacerts -alias cacert3 -file CertGenCA.der -keystore server_trust_keystore.jks
    rem -storepass secret_trust_password
    rem step 4 keytool -storepasswd -new
    rem changeit -keystore server_trust_keystore.jks -storepass secret_trust_password
    rem step 5 java -cp %WL_HOME%\lib\weblogic.jar;C:\bea utils.ImportPrivateKey client_keystore.jks client_store_password client_cert changeit localhost_client-cert.pem localhost-key.pem
    rem step 6 %JAVA_HOME%\bin\keytool -storepasswd -new changeit -keystore client_keystore.jks -storepass client_store_password
    rem step 7 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias client_cacert -file %WL_HOME%\lib\CertGenCA.der -keystore trust_store_keystore.jks -storepass changeit
    rem step 8 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cacert -file ca.pem -keystore trust_store_keystore.jks -storepass changeit
    rem %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cert -file democert.pem -keystore trust_store_keystore.jks -storepass changeit

    Now you know why it was $525.  Also realize you are getting a computer that isn't a warranty computer.  How much did you save?
    Read the fine print on the Squaretrade warranty.  Make sure they won't turn it away for the same reason Apple does.
    Can you live without the light?  Even if it got wet in the past it boots now.  If I buy a used car and the radio doesn't work but I get it for a really good price then I figure that's part of it if I can live with it and it doesn't interfere with day to day use.
    It would be nice to know why the hard drive failed their test. Obviously if the computer boots it isn't total toast.  Clearly somebody has been inside the computer to add RAM and maybe change the drive?  That doesn't freak me in a used computer.
    Maybe somebody can comment on non-identical RAM but with some computers with RAM from a reputable upgrade source it doesn't matter.  Post the exact specs of the second chip.
    My only question is, how up-front was the person from whom you bought the computer?  Did they tell you about the light?  It isn't a critical part but it is something you can assume to be working unless they tell you it isn't.  If they didn't, what else didn't they tell you?
    Screws will freak Apple Service because they only look at stuff where they know 100% what's been done to it and nobody not-certified has messed with it.  I have done all kinds of things to my computer that would have voided the original warranty 20x over but it long ago went out of warranty.  It purrs.

  • What is the Cipher suite and TLS and SSL protocol sent by safari browser ver 8 from iOS8

    Hello,
    I have a production environment where users login in from Ipad/Iphone having Ios8 and safari v8 are not able to log on to the application.
    However, on the same Ipad/Iphone when user tries login in with Chrome or any other browser , they are able to login.
    I need the following help/information:
    1. What is the SSL/TLS protocol version that is supported or used by Apple iOS8.
    2. What is the cipher suites of safari version 8
    Any information on this would be very helpful.
    Thanks,
    Parin.

    Just to recap, this is a collection of ports I have collected over time for people who needed this information when setting up the HP ePrint app so that they could view their email from within the app.  I am certain other applications also need this information.  Although lengthy, I could not find a more comprehensive place to retrieve this information.  Feel free to post additional information, faulty information, or other related topics below as this is simply a collection of data and it would be practically impossible to test all of them. Thank you!
    Don't forget to say thanks by giving "Kudos" if I helped solve your problem.
    When a solution is found please mark the post that solves your issue.
    Every problem has a solution!

  • IMAP/SSL: problem connecting from a web application

    Hi,
    I try to connect to a IMAP/SSL server (with a self-signed certificate) from a web application. I followed http://www.javaworld.com/javatips/jw-javatip115.html.
    When I try to connect from a java application it works fine. But when I try it from a servlet, it fails:
    javax.mail.MessagingException: gaeron.gcrm.test.mail.DummySSLSocketFactory;
      nested exception is:
         java.net.SocketException: gaeron.gcrm.test.mail.DummySSLSocketFactory
         at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:461)
         at javax.mail.Service.connect(Service.java:236)
    I use Tomcat 5.5, jdk1.5.0_06 and javamail-1_3_3_01. Here is my code:
    Security.setProperty("ssl.SocketFactory.provider", "gaeron.gcrm.test.mail.DummySSLSocketFactory");
    Properties props = new Properties();
    Session session = Session.getDefaultInstance(props);
    Store store = session.getStore("imaps");
    store.connect(server, 993, username, password);
    store.close();
    Can anybody help me?
    Thanks,
    Előd.

    I am not sure there is a class called MBoxSSLFactory. Is that a typo? We are in the same boat. We have a web application running on Tomcat that needs to connect to the IMAP store on the MS Exchange 2003 Server. It was working fine until we enabled Basic Authentication - SSL/TLS required setting on it.
    In order to eliminate any complications due to Tomcat and all we are trying to get a simple standalone program that talks to IMAP server (using the DummySSLSocketFactory, DummyTrustManager etc) working.
    I am stuck on the same error: (shown below is the stack trace and the code we are running). I have tried all the suggestions that have been posted on this "Unconnected Sockets not implemented" issue. I have tried it with both Jdk 1.4.2_08 and JDK 1.5.0.
    The JavaMail version is 1.4. If I use JavaMail version 1.3.1 it complains that there is no store type "imaps". If I use "imap" and not "imaps" as the store type I end up getting "Authentication Failed" exception.
    Instead of a DummyTrustManager I even tried importing a certificate. We have deployed a Verisign trial certificate on the EXchange server side. So when we run the InstallCert program (http://blogs.sun.com/andreas/entry/no_more_unable_to_find) it allows us to add the valid certificates to our keystore. Once that is done we have tried to create TrustManager based on that keystore. But NOPE..No success. same problem.
    We have been stuck on this one for the last 4 days and we have a very critical client deployment that is hampered by this one. I know it is turkey time now..but would really appreciate it if some one can help us out.
    javax.mail.MessagingException: Unconnected sockets not implemented;
      nested exception is:
         java.net.SocketException: Unconnected sockets not implemented
         at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:479)
         at javax.mail.Service.connect(Service.java:297)
         at javax.mail.Service.connect(Service.java:156)
         at javax.mail.Service.connect(Service.java:105)
         at GetSSLMail.getmail.main(getmail.java:37)
    Caused by: java.net.SocketException: Unconnected sockets not implemented
         at javax.net.SocketFactory.createSocket(SocketFactory.java:97)
         at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:224)
         at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:189)
         at com.sun.mail.iap.Protocol.<init>(Protocol.java:84)
         at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:87)
         at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:446)
         ... 4 more
    package GetSSLMail;
    /* getmail.java */
    import java.util.Properties;
    import javax.mail.*;
    //import javax.mail.internet.*;
    import java.io.*;
    public class getmail {
         //myauth auth;
         public static void main(String args[]) throws Exception {
              String host, name, passwd;
              BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
              System.out.println("Enter IMAP Host Name: ");
              host = br.readLine();
              System.out.println("Enter User name: ");
              name = br.readLine();
              System.out.println("Enter Password: ");
              passwd = br.readLine();
              // Ask JSSE to use the custom socket factory as the default SSL socket factory
              java.security.Security.setProperty("ssl.SocketFactory.provider","DummySSLSocketFactory");
              // Get a Properties object
              Properties props = System.getProperties();
              props.put("mail.imaps.host", host);
              props.put("mail.imaps.port", "993");
              Authenticator auth = new myauth(name, passwd);
              Session session = Session.getDefaultInstance(props, auth);
              Store store = session.getStore("imaps");
              try {
                   store.connect(); // exception here
                   System.out.println("store connected");
              } catch (Exception e) {
                   //System.out.println("Error :" + e.toString());
                   e.printStackTrace();
              }
              Folder folder = null;
              try {
                   // because of earlier exception, also exception here
                   folder = store.getFolder("INBOX");
              } catch (Exception e) {
                   System.out.println("Error :" + e.toString());
              }
              folder.open(Folder.READ_ONLY);
              BufferedReader reader = new BufferedReader(new InputStreamReader(
                        System.in));
              Message message[] = folder.getMessages();
              for (int i = 0, n = message.length; i < n; i++) {
                   System.out.println(i + ": " + message[i].getFrom() + "\t"
                             + message[i].getSubject());
                   System.out
                             .println("Do you want to read message? [yes to read/quit to end]");
                   String line = reader.readLine();
                   if ("yes".equals(line)) {
                        System.out.println(message[i].getContent());
                   } else if ("QUIT".equals(line)) {
                        break;
                   }
              }
         }
    }
    // Supplies the user name and password entered above to JavaMail
    class myauth extends Authenticator {
         String username, password;
         public myauth(String name, String passwd) {
              username = name;
              password = passwd;
         }
         public PasswordAuthentication getPasswordAuthentication() {
              return new PasswordAuthentication(username, password);
         }
    }
    package GetSSLMail;
    import java.io.BufferedInputStream;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.security.KeyStore;
    import javax.net.SocketFactory;
    import javax.net.ssl.*;
    /**
     * DummySSLSocketFactory
     */
    public class DummySSLSocketFactory extends SSLSocketFactory {
         private SSLSocketFactory factory;
         SSLContext sslcontext;
         TrustManagerFactory tmf;
         KeyStore ks;
         public DummySSLSocketFactory() {
              try {
                   // try
                   // Load the keystore written by InstallCert and trust only what it contains
                   ks = KeyStore.getInstance("jks");
                   InputStream in = new FileInputStream("C:\\Documents and Settings\\kk12\\jssecacerts");
                   in = new BufferedInputStream(in);
                   ks.load(in,null);
                   tmf = TrustManagerFactory.getInstance("PKIX");
                   tmf.init(ks);
                   sslcontext = SSLContext.getInstance("SSL");
                   sslcontext.init(null, tmf.getTrustManagers(), null);
                   HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
                   //SSLContext sslcontext = SSLContext.getInstance("TLS");
                   //sslcontext.init(null,new TrustManager[] { new DummyTrustManager()},null);
                   factory = (SSLSocketFactory)sslcontext.getSocketFactory();
              } catch(Exception ex) {
                   // ignore (a failure here leaves factory null)
              }
         }
         public static SocketFactory getDefault() {
              return new DummySSLSocketFactory();
         }
         // Every createSocket variant delegates to the wrapped factory
         public Socket createSocket(Socket socket, String s, int i, boolean flag)
                             throws IOException {
              return factory.createSocket(socket, s, i, flag);
         }
         public Socket createSocket() throws IOException {
              System.out.println( "createSocket 0");
              return factory.createSocket();
         }
         public Socket createSocket(InetAddress inaddr, int i,
                             InetAddress inaddr1, int j) throws IOException {
              return factory.createSocket(inaddr, i, inaddr1, j);
         }
         public Socket createSocket(InetAddress inaddr, int i)
                             throws IOException {
              return factory.createSocket(inaddr, i);
         }
         public Socket createSocket(String s, int i, InetAddress inaddr, int j)
                             throws IOException {
              return factory.createSocket(s, i, inaddr, j);
         }
         public Socket createSocket(String s, int i) throws IOException {
              return factory.createSocket(s, i);
         }
         public String[] getDefaultCipherSuites() {
              return factory.getDefaultCipherSuites();
         }
         public String[] getSupportedCipherSuites() {
              return factory.getSupportedCipherSuites();
         }
    }
    package GetSSLMail;
    //import com.sun.net.ssl.X509TrustManager;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.TrustManager;
    // Accepts every certificate without any validation; only referenced from the
    // commented-out lines in DummySSLSocketFactory
    public class DummyTrustManager implements TrustManager {
         public boolean isClientTrusted( X509Certificate[] cert) {
              return true;
         }
         public boolean isServerTrusted( X509Certificate[] cert) {
              return true;
         }
         public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[ 0];
         }
    }
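
As an added example (not part of the post above and not JavaMail code): a stand-alone check, using only JDK classes, that trusts only the certificates in a keystore such as the jssecacerts file the post mentions and completes a handshake with host-name verification, rather than relying on a trust-everything manager. The class name `PinnedTrustCheck`, its method names and the command-line arguments are hypothetical, and it assumes Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example only.
public class PinnedTrustCheck {

    /** Build a socket factory that trusts only the entries of the given JKS file. */
    static SSLSocketFactory factoryFor(String trustStorePath, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ks.load(in, storePassword);
        }
        // Fail loudly instead of swallowing the error and returning a half-built factory.
        if (ks.size() == 0) {
            throw new IllegalStateException("trust store is empty: " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Handshake with host:port; throws if the chain or the host name does not verify. */
    static String verify(SSLSocketFactory factory, String host, int port) throws Exception {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            // A bare SSLSocket validates the chain only; this adds the host-name check.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket.getSession().getPeerPrincipal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Arguments: <truststore.jks> <store password> <host> <port>, e.g. port 993 for IMAPS
        SSLSocketFactory factory = factoryFor(args[0], args[1].toCharArray());
        System.out.println("verified peer: " + verify(factory, args[2], Integer.parseInt(args[3])));
    }
}
```

A handshake exception from `verify` separates a trust-store or certificate-name problem from a mail-library configuration problem before any JavaMail code is involved.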

  • Single Sign-on and SSL problems

    We are using WebLogic Portal and Server (version 8.1 SP3). We want to have a single sign-on when entering the portal, so that users do not need to reauthenticate each time they access an application via an applet in the portal. We also want to protect the username/password authentication and all other connection information using SSL. We have applications in multiple domains.
    When not using SSL, SSO works okay. We are challenged for username/password exactly once, whether we access the Portal, or an application directly. As soon as we enable SSL, we are challenged repeatedly, and in some cases cannot access the applications at all, as the challenge always fails.
    We suspect that there is a session cookie problem and that something is clobbering the cookie and thus breaking the session. Does anyone have any idea what might be causing the problem?

    Hi Derick,
    I want to split our discussion into 2 parts:
    1) Sign on
    2) Viewing data based on the hierarchy
    1) Before discussing the sign on, I want to know which connectivity you are using: Live Office or QaaWS?
    2) We can make the second point possible in two ways. One is by providing a restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and, based on that, fetching the hierarchy level of that user. Then we use some Excel logic to hide the data from the low-level hierarchy (here we use Dynamic Visibility for components).
    I hope this is what you are looking for....
    If so, I have more points on how to achieve such a scenario.
    Please provide your BO environment details, so that it will be easy to identify the best way to achieve it.
    Regards,
    AnjaniKumar C.A.

  • Design Console SSL problems for OIM 9.1.0.2

    Hi there,
    I have installed the design client for OIM 9.1.0.2, patched it and activated SSL using the instructions in:
    http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14062.pdf
    However, when I attempt to log in, I get the following error at the UI:
    Error Keyword: DAE.UNKNOWN_CODE
    Description: An unknown error code was passed.
    Remedy: Contact your system adminstrator.
    Action: E
    Severity: C
    Help URL:
    Detail:
    com.thortech.xl.security.tcLoginException: javax.naming.CommunicationException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791 [Root exception is java.io.IOException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791]
    This seems to indicate that the server protocol is not ORMI, which is correct, it is ORMIS (as per the SSL instructions).
    I've checked through the logs for this error, and am unable to find it, so it looks like it is only visible client side. This suggests that the connection is not reaching OIM.
    Does anyone have any ideas about how to make sure ORMIS is in use and how to troubleshoot my SSL connection?
    Any advice gratefully received,
    Hugh

    While setting the rmis port in the opmn.xml file, one should ensure that these ports are unique, as per the DC install guide. Please note there are three instances of <port id="rmis" range="1270x"/> in the opmn.xml file. The first one is generic, the second one is for the oc4j_home oc4j container and the last is for the oim oc4j container. The rmis port for the oim container must be 12701 for the other instructions to work; the others can be 12702 and 12703, so set the first one to 12702, the second one to 12703 and the third one to 12701 respectively.
    xlConfig_dc_side I had the following:
    <java.naming.provider.url>ormi://172.20.16.139:12701/Xellerate</java.naming.provider.url>
    where it should have been:
    <java.naming.provider.url>ormis://172.20.16.139:12701/Xellerate</java.naming.provider.url>
    This fixed my problem.
    2Hugh

  • SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed

    Hello there,
    we have a BIG PROBLEM on a production system.
    Some users on the internet using IEXplore 5.0x couldn't access our https page.
    Errors reported are:
    SSL Forbidden
    SSL port specified is not allowed
    We are using SSL on port 7002
    These are the weblogic properties regarding SSL:
    weblogic.security.ssl.enable=true
    # SSL listen port
    weblogic.system.SSLListenPort=7002
    Any suggestion?
    Is there a possibility to use port 80 both for https and http?
    Any help will be appreciated.
    THANKS!

    I think you need to set up your proxy server to allow port 7002,
    or use port 443 for SSL (it is the default proxy secured port)
    Hope this will help
    Mohds
    "Paul Patrick" <[email protected]> wrote:
    If this is a production problem, you should file a problem report with BEA
    Support.
    But I didn't see any certificates for the server registered. Without
    certificates and a private
    key the SSL protocol will not work.
    Paul Patrick
    "Antimo" <[email protected]> wrote in message
    news:3a12cc80$[email protected]..
    Hello there,
    we have a BIG PROBLEM on a production system.
    Some users on the internet using IEXplore 5.0x couldn't access our https page.
    Errors reported are:
    SSL Forbidden
    SSL port specified is not allowed
    We are using SSL on port 7002
    These are the weblogic properties regarding SSL:
    weblogic.security.ssl.enable=true
    # SSL listen port
    weblogic.system.SSLListenPort=7002
    Any suggestion?
    Is there a possibility to use port 80 both for https and http?
    Any help will be appreciated.
    THANKS!
